Sarah Sullivan
“Write your own definition of success and don’t worry about what other people might think is the ‘right path.’”
She started as a childhood tinkerer and now she’s a cybersecurity leader. Sarah Sullivan earned her master’s in electrical engineering at Johns Hopkins, taught physics at an all-girls school in Philadelphia, and researched bioengineering at the University of Pennsylvania. She pivoted to finance and data analytics at Jefferson Health, before finding her calling in cybersecurity. Today, she’s Associate VP for Identity and Risk at Thomas Jefferson University, securing systems across Jefferson Health and Health Plans. Her career is proof that you really can forge your own path, and everyone’s road to success looks different.
What is one skill, interest or talent of yours that makes you great at your job?
I love to learn new things. I never want to hold still, but be constantly evolving, growing, and building new skills and knowledge. In this constantly evolving landscape, enjoying the process of learning new things quickly is the most valuable skill that I have.
What is the best piece of unconventional career advice you’ve gotten?
Write your own definition of success and don’t worry about what other people might think is the “right path.”
What is your proudest moment working in the cybersecurity industry?
Working with the healthcare industry has made my work deeply meaningful and satisfying. While my team is not made up of doctors and nurses and we never touch patients, we are still in the business of saving lives and keeping people safe by ensuring that our critical infrastructure stays up, and that we are prepared to recover quickly if something happens. The knowledge that my work matters and has a real impact on people’s lives makes me incredibly proud.
When did you become interested in pursuing a career in cyber and what prompted it?
Well into my career, our Chief Information Security Officer (CISO) reached out to me about moving from a career in data analytics onto the cyber team. I hadn’t previously considered cyber, and would never have made this change on my own. After that conversation, I started to do my own research and realized that many cyber problems are really data problems. I felt that I had something unique to bring to the team, and I love learning new things, so I made the change.
What are the top 3 things you would tell people hoping to enter the cybersecurity industry?
- It isn’t what you think from watching movies. There are so many different types of roles in cyber, and so many different skills are important. Likely, whatever your strengths, there is a place for them in cyber.
- Get ready to adapt. Whatever company you land in, this will be a dynamic field.
- Cyber is about people as much as it is about technology. You need to understand human behavior and be able to build relationships and trust with stakeholders. No technology alone can solve security problems in the absence of these things.
What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?
I think there is a misconception that cybersecurity professionals are all hackers doing penetration testing and red team exercises, when in reality, there is a huge breadth of roles in cyber. I like to highlight the diversity of educational and career backgrounds among my team members to show how a variety of skills can lead to success in this field. I have veterans, educators, auditors, nurses, call center analysts, and so many other career paths who are all meaningful contributors to the team. Seeing the many paths into cybersecurity makes others feel that their path is open, too.
Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?
I feel like I am contributing to keeping the world secure, particularly because I work in the healthcare and education industry. I know that keeping our services available means literally life-saving care, and world-changing education is being delivered to patients, members, and students.
As someone who lives in the communities that Jefferson Health serves, this is deeply personal for me. My children were born at Jefferson hospitals, and my loved ones, and even myself, have been cared for there. The work we do to ensure the confidentiality, integrity, and availability of our critical infrastructure means my family and my neighbors can feel safe knowing they have access to secure health and education services.
What positive change do you think will take place as we bring the next generation into the cybersecurity industry?
I see so much progress in overall awareness around cybersecurity in our users and the general population. I think this does two things: it opens up more people to the opportunities of a cyber career, and it changes the conversation from one where a few people on the cyber team are responsible for security, to a shared responsibility where we all understand the risks and have a role in mitigating them.
Who is your role model in the cybersecurity industry and why?
While not typically classified as a cybersecurity leader, I love the story of Hedy Lamarr. She is famous for being a beautiful and talented Hollywood actress in the 1940s, but she didn’t confine herself to that. During WWII she worked with a partner to develop the concept of spread spectrum (frequency hopping) technology, which is the basis for several modern secure communication protocols. It is a great example that whatever a person’s background, they can contribute to this industry.
